From ab515badee8a88513c3bf5133f96ef4e9c7653d4 Mon Sep 17 00:00:00 2001
From: Kristian Evers
Date: Fri, 2 Jun 2017 16:11:38 +0300
Subject: Disallow usage of m<0 and n<0 in gn_sinu.
Negative values of m and n are not valid. Can for certain values of m and n result in zero division. An error is raised at projection setup if m or n is negative.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1836
Credit to OSS-Fuzz.
---
 src/PJ_gn_sinu.c | 21 +++++++++++++++++++--
 src/projects.h | 1 +
 2 files changed, 20 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/PJ_gn_sinu.c b/src/PJ_gn_sinu.c
index 3b2c8993..68a4c936 100644
--- a/src/PJ_gn_sinu.c
+++ b/src/PJ_gn_sinu.c
@@ -82,6 +82,21 @@ static LP s_inverse (XY xy, PJ *P) { /* Spheroidal, inverse */
 }
+static void *freeup_msg (PJ *P, int errlev) { /* Destructor */
+ if (0==P)
+ return 0;
+
+ if (0!=P->ctx)
+ pj_ctx_set_errno (P->ctx, errlev);
+
+ if (0==P->opaque)
+ return pj_dealloc (P);
+
+ pj_dealloc (P->opaque);
+ return pj_dealloc(P);
+}
+
+
 static void *freeup_new (PJ *P) { /* Destructor */
 if (0==P)
 return 0;
@@ -120,7 +135,7 @@ PJ *PROJECTION(sinu) {
 P->opaque = Q;
 if (!(Q->en = pj_enfn(P->es)))
- E_ERROR_0;
+ return freeup_new(P);
 if (P->es != 0.0) {
 P->inv = e_inverse;
@@ -171,8 +186,10 @@ PJ *PROJECTION(gn_sinu) {
 if (pj_param(P->ctx, P->params, "tn").i && pj_param(P->ctx, P->params, "tm").i) {
 Q->n = pj_param(P->ctx, P->params, "dn").f;
 Q->m = pj_param(P->ctx, P->params, "dm").f;
+ if (Q->n < 0 || Q->m < 0)
+ return freeup_msg(P, PJD_ERR_INVALID_M_OR_N);
 } else
- E_ERROR(-99)
+ return freeup_msg(P, PJD_ERR_INVALID_M_OR_N);
 setup(P);
diff --git a/src/projects.h b/src/projects.h
index 183dae6d..0e9f1b59 100644
--- a/src/projects.h
+++ b/src/projects.h
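Review bot: freeup_msg releases P->opaque with a single pj_dealloc, so a buffer owned by the opaque struct would leak if the helper is ever called after one has been allocated; the sinu setup in the next hunk stores a pj_enfn result in Q->en. Both call sites added by this commit run before setup(P), so nothing is visibly leaked today, but the function is a near copy of freeup_new and the two teardown paths can drift apart. Defining it after freeup_new with the body `if (0==P) return 0; if (0!=P->ctx) pj_ctx_set_errno (P->ctx, errlev); return freeup_new (P);` keeps a single place that knows what the opaque struct owns. The copied `/* Destructor */` comment should also state that errlev is recorded on the context before the object is freed. freeup_new's body continues outside the hunk, so what it frees is not visible here.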
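Review bot: The pj_enfn failure path in PROJECTION(sinu) now returns through freeup_new(P) without recording any error on P->ctx, so the caller receives a null PJ with no reason attached. This commit adds freeup_msg for that purpose, so the line could read `return freeup_msg(P, ENOMEM);`, assuming pj_enfn fails only on allocation failure and that <errno.h> is in scope; neither is visible in the hunk. The change is also not mentioned in the commit message, which describes gn_sinu only.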
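Review bot: The new guard `Q->n < 0 || Q->m < 0` still accepts n = 0, and it accepts NaN as well if the parameter parser can produce one, since every ordered comparison with NaN is false. The commit message describes the fault as a division by zero for certain m and n; if setup(), whose body is outside this hunk, divides by n, then n = 0 reaches the same class of fault. Writing the test in the positive form, `if (!(Q->n > 0) || !(Q->m >= 0))`, rejects a zero n, negative values and NaN in one expression. A regression test that sets up gn_sinu with n=0, n=-1 and m=-1 and expects PJD_ERR_INVALID_M_OR_N would pin the behaviour down.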
@@ -453,6 +453,7 @@ struct FACTORS {
 #define PJD_WGS84 4 /* WGS84 (or anything considered equivalent) */
 /* library errors */
+#define PJD_ERR_INVALID_M_OR_N -39
 #define PJD_ERR_GEOCENTRIC -45
 #define PJD_ERR_AXIS -47
 #define PJD_ERR_GRID_AREA -48
-- 
cgit v1.2.3
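Review bot: PJD_ERR_INVALID_M_OR_N is added without a comment saying which condition it reports, while its only users in this commit are the gn_sinu checks. A trailing comment such as `/* gn_sinu: n or m missing or negative */` would tie the code to its check. Any table that maps library error numbers to message text is not part of this diff, so its entry for -39 should be compared with the condition the new code actually tests.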